Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34

Thread: Disk Usage Analyzer - Need help understanding result

  1. #1
    Join Date
    Mar 2019
    Beans
    249

    Disk Usage Analyzer - Need help understanding result

    Hi,
    Is there anyone here who can help me understand the disk analysis I just received, see screenshot below.

    There are several things that puzzle me:

    1/ at the top it says:

    Error opening directory: 'tmp/snap-private-tmp': Permission denied

    Why is permission denied?

    2/

    var, etc, and tmp were modified today, yet I was not at home today and just opened my computer minutes ago, while I was offline. So I could not have downloaded anything from the internet.
    Last edited by ajgreeny; June 18th, 2023 at 08:01 PM. Reason: Large image removed

  2. #2
    Join Date
    Mar 2019
    Beans
    249

    Re: Disk Usage Analyzer - Need help understanding result

    And a P S: I just did a disk analysis of my Home Folder and here too there is a long list of files that were modified today, though I was not at home.

    I got the feeling that my computer may have been tampered with.

    How can I check if items were added to my computer?
    Last edited by ajgreeny; June 18th, 2023 at 08:21 PM. Reason: Large image removed

  3. #3
    Join Date
    Mar 2019
    Beans
    249

    Re: Disk Usage Analyzer - Need help understanding result

    Finally, I hate to have to post this again, as I have done this in the past, but while I was typing this message on the Ubuntu Forum, my laptop about which I am reporting in this thread (Lenovo x240, with Ubuntu 20.04 OS) was hacked again.

    Two screenshots of the disk analysis that I tried to upload for this forum were deleted repeatedly from the Manage Attachment Window.

    And a Libre office writer file turned into a remote file, even though I never use remote files, see top bar of the screenshot attached, which says remote. I never use remote files, ever.

    Any idea?

    Attached Images Attached Images
    Last edited by bhubunt; June 19th, 2023 at 11:31 AM.

  4. #4
    Join Date
    Jul 2005
    Location
    I think I'm here! Maybe?
    Beans
    Hidden!
    Distro
    Xubuntu 24.04 Noble Numbat

    Re: Disk Usage Analyzer - Need help understanding result

    Every time you use your computer, even if you do nothing but start a new session or restore it from suspend, some files in your home and in the root filesystem will be changed or accessed.
    You do not mention by name any file as an example of one that has apparently changed but I suspect that what you have noted is completely normal and expected.

    Tell us more detail of specific files/folders that have changed and we might be able to give you more information.

  5. #5
    Join Date
    Mar 2019
    Beans
    249

    Re: Disk Usage Analyzer - Need help understanding result

    Hi,
    Thanks for replying. To answer your question: all of the items that are in my home folder and that say "modified today." The same for the items that say "modified today" in the first screenshot: greener-Thinkpad-x240.

    Also, why is permission denied for Error opening directory: 'tmp/snap-private-tmp': Permission denied

    If any and all of this is harmless, then I'd like to hear that.

    However, the deletions while I am typing and the bizarre remote file are not harmless. I also have had logs changed, screenshots of irregularities that I made changed into 0 bytes.

  6. #6
    Join Date
    Jul 2005
    Location
    I think I'm here! Maybe?
    Beans
    Hidden!
    Distro
    Xubuntu 24.04 Noble Numbat

    Re: Disk Usage Analyzer - Need help understanding result

    It was me who removed the large images from your first two posts! The images were already there but as attachments (small icons which show at the bottom of the posts) which open as a large image when clicked.

    These attachments must have been added by you using the paperclip icon in the "Reply to Thread" toolbar, but I see you did not add the third image in this way but added it as an inline item which we try to avoid; they make life difficult for users with limited bandwidth or who pay for their downloads (yes, it still works that way for some) and it makes viewing the forum similarly a problem on small screen mobile devices such as tablets or phones.

    Please use the Attachment facility in future.

  7. #7
    Join Date
    Dec 2014
    Beans
    2,683

    Re: Disk Usage Analyzer - Need help understanding result

    '/tmp/snap-private-tmp/' is owned by root with no permissions for anybody else. AFAIK it's a directory for temporary files used by the snap background process (snapd).

    Stuff in '/var' is getting modified all the time. The logs live there. So do snap packages. So do databases.

    Same goes for '/tmp'. It's for temporary files. You might not see them with 'ls' or the file manager since an old trick is to create a temporary file, open it for reading and writing and then deleting it. The program still has a valid handle on the file, so the only thing that gets removed is the name, the program can still use the file and nobody else can even tell the file exists unless they look with lsof - 'list open files' - then they'll see it but still can't access it since there's no name to use for opening it. The used blocks will be freed as soon as the program using the temporary file closes it.

    Changes in '/etc/' are more cause for concern. Nothing should be able to make changes in '/etc/' unless it has rather high level permissions.

    I'd try using find and the '-mmin' test to look for the changed files in the directories. Something like
    Code:
    find /etc ~/Videos ~/Downloads ~/Pictures ~/Music ~/.cache ~/.config ~/Desktop ~/.mozilla ~/.local ~/.gnupg -mmin +180 -a -mmin -720
    This would look for files changed more than 3 hours (180 minutes) but less than 12 hours (720 minutes) ago. Change the times to fit the time where nothing should have happened.

    Holger

  8. #8
    Join Date
    Mar 2019
    Beans
    249

    Re: Disk Usage Analyzer - Need help understanding result

    Quote Originally Posted by ajgreeny View Post
    It was me who removed the large images from your first two posts! The images were already there but as attachments (small icons which show at the bottom of the posts) which open as a large image when clicked.

    These attachments must have been added by you using the paperclip icon in the "Reply to Thread" toolbar, but I see you did not add the third image in this way but added it as an inline item which we try to avoid; they make life difficult for users with limited bandwidth or who pay for their downloads (yes, it still works that way for some) and it makes viewing the forum similarly a problem on small screen mobile devices such as tablets or phones.

    Please use the Attachment facility in future.

    Hi AJGreeny,
    I will not use inline again. Thanks for pointing that out!

    However, I think you misunderstood me. When I mentioned that two pics were deleted while I tried to place them in my post, I did not mean you compressing the pics in my post at all. I referred to the attachments that disappeared repeatedly while I was trying to post them. Nothing to do with you.

  9. #9
    Join Date
    Mar 2019
    Beans
    249

    Re: Disk Usage Analyzer - Need help understanding result

    Quote Originally Posted by Holger_Gehrke View Post
    '
    Changes in '/etc/' are more cause for concern. Nothing should be able to make changes in '/etc/' unless it has rather high level permissions.

    I'd try using find and the '-mmin' test to look for the changed files in the directories. Something like
    Code:
    find /etc ~/Videos ~/Downloads ~/Pictures ~/Music ~/.cache ~/.config ~/Desktop ~/.mozilla ~/.local ~/.gnupg -mmin +180 -a -mmin -720
    This would look for files changed more than 3 hours (180 minutes) but less than 12 hours (720 minutes) ago. Change the times to fit the time where nothing should have happened.

    Holger
    Thanks a million for the code. I typed it in with and without sudo.

    Without sudo I got the following result:

    Code:
     find: ‘/etc/ssl/private’: Permission denied
    find: ‘/etc/polkit-1/localauthority’: Permission denied
    find: ‘/etc/cups/ssl’: Permission denied
    With the sudo, for which I typed in my password, I got no result.

  10. #10
    Join Date
    Mar 2019
    Beans
    249

    Re: Disk Usage Analyzer - Need help understanding result

    When I posted the following code, which, I take it, was a search to see what had been changed in the last 24 hours

    Code:
     find /usr mtime -1
    I got an enormous list in return, 4865 code lines, a list so long, I had to put it in pastebin

    https://pastebin.com/aHLAsEUj
    Last edited by bhubunt; June 18th, 2023 at 09:53 PM.

Page 1 of 4 123 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •